(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version


Do you really need a domain controller?


2007/07/06



Let's start out with the good points: there are advantages to a Microsoft Domain Controller model. Centralized user control, fine grained resource access control: these are often useful and very helpful.

But not every business needs this, and there are disadvantages also. Centralized logon also means no logon if that server acts up. Resource access permissions can be much more than is needed for a small business, and can be confusing to maintain.

Unfortunately, businesses often get pushed into this model when they buy new software. The people installing the software are often fairly clueless about networking in general but what they do know is that setting up a Domain Controller makes their work easier. Note that's "their" work, not necessarily yours.

For example, you may have a mixed environment, and in spite of the shiny new Windows software, you still need some Unix apps. By the way, don't be too quick to pat yourself on the shoulder for replacing that clunking old Unix software. My bet is that in five to ten years you'll be moving back to a Unix or Linux based app: unless Microsoft finds some legal shenanigan to kill Linux, I think that's almost inevitable.

But never mind, here's the barely computer-literate Windows "consultants" come to install your new system. They'll be recommending a Domain Controller model. Push back: ask why their software can't run on a server in a peer to peer network. Almost always the answer is that it can. And doing that just might make your migration less painful. For example, a lot of small businesses have XP Home computers. Microsoft doesn't like those to join a Domain. There are ways around it (just do a Google search for "XP Home join domain") but it's still extra work and hassle.

While I'm thinking about it, do NOT let them confuse you or themselves about the "Domain". This has nothing to do with Internet DNS or your mail domain (and for crying out loud: don't let them talk you into Microsoft Exchange or IIS!). Microsoft (as usual) didn't have a clue about the Internet when they designed this stuff, so they took a meaningful name (domain) and polluted it with their nonsense. A Microsoft Domain Controller might be a DNS server, might be a mail or web server (shudder!) but that has absolutely NOTHING to do with the name you (or they) choose for the domain.

Just don't get pushed faster than you want to go. If you don't understand what they are trying to sell you, hire someone else to intercede and protect your interests. A Domain Controller can be the right choice, but it ain't necessarily so.




Click here to add your comments




Sat Jul 7 01:04:27 2007: Subject:   BigDumbDinosaur


Centralized logon also means no logon if that server acts up.

Sounds like a good reason to run Samba. It very seldom "acts up." My office file and print server hasn't acted up in some seven years -- and it isn't running Windows whatever. <Smile>

Resource access permissions can be much more than is needed for a small business, and can be confusing to maintain.

That would be somewhat dependent on the type of business. In an auto repair shop, I agree that such control is probably overkill, although you wouldn't want mechanics peeking into the payroll or general ledger, eh? In a medical clinic or bank, detailed control of access permissions is often required to comply with legal mandates such as HIPAA, with which all health care providers must comply in the USA. As for being confusing, that's more a Windows problem than anything else. At least on the Samba side of things, access control is straightforward and consistent in behavior.

Setting up a PDC does have the advantage of users having roaming profiles, which result in a consistent desktop environment on any machine that is part of the domain. In this respect, Samba is a bit more complex to set up. However, once the roaming profile setup has been debugged it is very trustworthy.

Unfortunately, businesses often get pushed into this model when they buy new software. The people installing the software are often fairly clueless about networking in general but what they do know is that setting up a Domain Controller makes their work easier. Note that's "their" work, not necessarily yours.

Ain't that the truth? I have to deal with these clueless MCSEs on a regular basis and most of them don't know their asses from a hole in the ground when it comes to networking.

My bet is that in five to ten years you'll be moving back to a Unix or Linux based app: unless Microsoft finds some legal shenanigan to kill Linux, I think that's almost inevitable.

At this point in time, I can't see Billy-boy and his lackeys killing Linux. It has become too entrenched in the computing world and even Microsoft can't marshal the resources that would be required to mount a successful battle to stop Linux. Linux achieved critical mass several years ago and is now like a freight train headed downhill with no brakes. Killing Linux would be like trying to stop citizens from speeding on the interstate: too many speeders and not enough cops.

For example, a lot of small businesses have XP Home computers. Microsoft doesn't like those to join a Domain.

XP home is way too lame to be used in a business setting. Why bother?

Just don't get pushed faster than you want to go. If you don't understand what they are trying to sell you, hire someone else to intercede and protect your interests.

True of almost anything to do with computers. They aren't like toasters!



Fri Jul 13 03:42:17 2007: Subject:   drag


I don't realy think you can setup Windows workgroup anymore without setting up a domain.

I think I remember hearing the Samba developers talking about a bug with authentication were Windows 2003 and XP could not share files or whatnot without a domain controller. They accidently recreated it when they added compatability code for windows-based handheld devices.

I think that it's not going to be long before you won't be able to even administrate windows machines without a domain controller.



Fri Jun 5 03:57:46 2009: Subject:   anonymous

gravatar
worst blog ever written.
if unix/linux/mac was so great, why does it not live on 90%+ of the worlds computers....
free means free. you certainly get what pay for in the OS business.




Fri Jun 5 17:16:06 2009: Subject:   TonyLawrence

gravatar
Worst? Ever?

if unix/linux/mac was so great, why does it not live on 90%+ of the worlds computers....

Let me ask you something: why are most people's supermarket shopping carts piled high with soft drinks?

The answer is the same as for your question. As soon as you figure that out, you'll understand why most people use Windows.



Sat Jun 6 11:20:57 2009: Subject:   TonyLawrence

gravatar
I guess I'll have to answer that for you.

Although the evidence that Coke, Pepsi, and their ilk are unhealthy is strong, the effects of drinking these aren't blatantly obvious. Moreover, more healthy alternatives are usually more expensive and are less conveniently packaged.

Coke and Pepsi are extensively advertised as general purpose drinks. Drinks like orange juice are seen as specialty items - orange juice is for breakfast only in most people's minds.

Most of your neighbors drink Pepsi or Coke. Supermarket aisles display yards and yards of these products and restaurants always have them available. Fast food restaurants often bundle these with other products to make it easy to place and order - "I'll have a number 6".

Do I really need to draw the parallels to Microsoft Windows?




Sat Jun 6 16:56:14 2009: Subject:   anonymous

gravatar
This sums up Microsoft's game: http://www.groklaw.net/article.php?story=20071023002351958

Also shows why successful from cheating.



Tue Oct 27 12:40:44 2009: Subject: re Microsoft world dominance   staffsguy50
http://www.FreeHomeSoftware.com
gravatar
Wow, that is probably the most important piece of information I have every read in my life! I know Microsoft where bullish and aggressive from their attitude towards PC dealers who wanted to sell Linux based system in the UK. I for one have weighed up the cost benefits alone between setting up an office with 20 desktops, a domain controller, mail server between windows and linux and paying for server version of linux, once you get away from branding issues and start using free alternatives such as Firefox and The Gimp, and Open Office the argument for Micorsoft is very weak to say the least. What we need are for Universities and Schools to start adopting alternatives to MS technology and teaching people that is it NOT and NEVER HAS BEEN a one horse race! See I didn't slag them M$ once!


Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar


Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments



Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.


book graphic unix and linux troubleshooting guide

My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!



 I sell and support
 Kerio Mail server




pavatar.jpg
More:
       - Networking


Unix/Linux Consultants

Skills Tests

Guest Post Here










My Favorites

Change Congress